package org.example.controller;

import org.springframework.security.access.prepost.PreAuthorize;
import org.springframework.web.bind.annotation.GetMapping;
import org.springframework.web.bind.annotation.RequestMapping;
import org.springframework.web.bind.annotation.RestController;

@RestController
@RequestMapping("/demo")
public class DemoController {
    @GetMapping("/userList")

    @PreAuthorize("hasPermission('user:list')")
    public String userList(){
        return "userList";
    }
//检查登录用户是否有权限
    @GetMapping("/userAdd")
    @RequiresPermissions("user:add")
    public String userAdd(){
        return "userAdd";
    }

    @GetMapping("/supplierAdd")
    @PreAuthorize("hasRole('employee')")
    public String supplierList(){
        return "supplierList";
    }

    @GetMapping("/manager")
    @RequiresRoles("manager")
    public String supplierAdd(){
        return "supplierAdd";
    }
}
